
Pests of all kinds and how to fight them: Facebook Trojan and Co. KG


01.11.2011, 13:59   #1
RayCell-365
 



Dear Sir or Madam,

I have the following problem on my girlfriend's laptop. She installed the Facebook screensaver trojan (I think even twice). Older worms are also still present (I hope you like challenges).

Facebook trojan: It has apparently nested itself in C:\user\Maus\Appdata\roaming, in one or both of the folders AA97C 5DCAA (evident from the modification date). However, deleting the files results in no Internet connection being established in Internet Explorer (the default) and Opera. I undid the deletion (it then worked again) and ran the scan with Malwarebytes'.
It turned up about 11 findings; some went into quarantine, others were supposed to be quarantined after a restart (unsuccessfully, I think). The Internet connection is not working again, which is why for now I only have the Malwarebytes' log. If the other online log is needed, please first write what should be deleted, since I will then probably have to uninstall or switch off Malwarebytes'.

Thank you for reading, and I hope you can help me.
Kind regards
Raycell-365

Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8059

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.11.2011 11:32:36
mbam-log-2011-11-01 (11-32-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|Q:\|)
Durchsuchte Objekte: 338901
Laufzeit: 41 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\Maus\AppData\Roaming\5DCAA\1843D.exe (Trojan.Agent) -> 2696 -> Unloaded process successfully.
c:\Users\Maus\AppData\Roaming\microsoft\3D75\5A6.exe (Trojan.Agent) -> 2916 -> Unloaded process successfully.
c:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe (Trojan.Agent) -> 5972 -> Unloaded process successfully.
c:\Users\Maus\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3656 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5A6.exe (Trojan.Agent) -> Value: 5A6.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Maus\AppData\Roaming\5DCAA\1843D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Maus\AppData\Roaming\microsoft\3D75\5A6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Maus\AppData\Local\Temp\3C35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Maus\AppData\Local\Temp\net_framework_update_4.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Maus\AppData\Roaming\microsoft\BC15\5A6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Maus\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

01.11.2011, 22:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Are there any other logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes on the "Logdateien" (log files) tab.

01.11.2011, 22:33   #3
RayCell-365
 



Hi,
From Malwarebytes there is only the Protection log left in there. Yesterday's scan was the first scan with Malwarebytes. Otherwise there are surely still some from Emsisoft.
Here is the Protection log

11:03:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50483, Process: winsvc.exe)
11:03:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50484, Process: winsvc.exe)
11:03:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50485, Process: winsvc.exe)
11:03:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50487, Process: winsvc.exe)
11:03:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50488, Process: winsvc.exe)
11:03:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50489, Process: winsvc.exe)
11:03:25 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50490, Process: winsvc.exe)
11:03:25 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50491, Process: winsvc.exe)
11:03:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50492, Process: winsvc.exe)
11:03:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50493, Process: winsvc.exe)
11:03:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50494, Process: winsvc.exe)
11:03:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50495, Process: winsvc.exe)
11:03:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50496, Process: winsvc.exe)
11:03:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50497, Process: winsvc.exe)
11:03:49 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50498, Process: winsvc.exe)
11:03:49 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50499, Process: winsvc.exe)
11:03:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50500, Process: winsvc.exe)
11:03:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50501, Process: winsvc.exe)
11:03:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50502, Process: winsvc.exe)
11:04:05 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50503, Process: winsvc.exe)
11:04:06 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50504, Process: winsvc.exe)
11:04:06 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50505, Process: winsvc.exe)
11:04:14 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50506, Process: winsvc.exe)
11:04:14 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50507, Process: winsvc.exe)
11:04:14 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50508, Process: winsvc.exe)
11:04:22 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50509, Process: winsvc.exe)
11:04:22 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50510, Process: winsvc.exe)
11:04:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50511, Process: winsvc.exe)
11:04:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50512, Process: winsvc.exe)
11:04:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50513, Process: winsvc.exe)
11:04:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50514, Process: winsvc.exe)
11:04:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50515, Process: winsvc.exe)
11:04:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50520, Process: winsvc.exe)
11:04:46 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50521, Process: winsvc.exe)
11:04:46 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50522, Process: winsvc.exe)
11:04:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50523, Process: winsvc.exe)
11:04:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50524, Process: winsvc.exe)
11:04:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50525, Process: winsvc.exe)
11:05:02 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50526, Process: winsvc.exe)
11:05:02 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50527, Process: winsvc.exe)
11:05:02 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50528, Process: winsvc.exe)
11:05:10 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50529, Process: winsvc.exe)
11:05:10 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50530, Process: winsvc.exe)
11:05:18 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50531, Process: winsvc.exe)
11:05:18 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50532, Process: winsvc.exe)
11:05:18 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50533, Process: winsvc.exe)
11:05:26 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50534, Process: winsvc.exe)
11:05:26 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50535, Process: winsvc.exe)
11:05:26 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50536, Process: winsvc.exe)
11:05:34 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50537, Process: winsvc.exe)
11:05:34 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50538, Process: winsvc.exe)
11:05:42 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50539, Process: winsvc.exe)
11:05:42 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50540, Process: winsvc.exe)
11:05:42 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50541, Process: winsvc.exe)
11:05:50 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50542, Process: winsvc.exe)
11:05:50 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50543, Process: winsvc.exe)
11:05:50 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50544, Process: winsvc.exe)
11:05:58 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50545, Process: winsvc.exe)
11:05:58 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50546, Process: winsvc.exe)
11:06:07 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50548, Process: winsvc.exe)
11:06:07 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50549, Process: winsvc.exe)
11:06:15 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50550, Process: winsvc.exe)
11:06:15 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50551, Process: winsvc.exe)
11:06:15 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50552, Process: winsvc.exe)
11:06:23 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50553, Process: winsvc.exe)
11:06:23 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50554, Process: winsvc.exe)
11:06:23 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50555, Process: winsvc.exe)
11:06:31 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50556, Process: winsvc.exe)
11:06:31 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50557, Process: winsvc.exe)
11:06:39 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50558, Process: winsvc.exe)
11:06:39 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50559, Process: winsvc.exe)
11:06:39 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50560, Process: winsvc.exe)
11:06:47 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50561, Process: winsvc.exe)
11:06:47 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50562, Process: winsvc.exe)
11:06:47 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50563, Process: winsvc.exe)
11:06:55 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50564, Process: winsvc.exe)
11:06:55 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50565, Process: winsvc.exe)
11:07:03 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50566, Process: winsvc.exe)
11:07:03 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50567, Process: winsvc.exe)
11:07:03 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50568, Process: winsvc.exe)
11:07:11 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50569, Process: winsvc.exe)
11:07:11 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50570, Process: winsvc.exe)
11:07:11 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50571, Process: winsvc.exe)
11:07:19 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50572, Process: winsvc.exe)
11:07:19 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50573, Process: winsvc.exe)
11:07:27 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50574, Process: winsvc.exe)
11:07:27 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50575, Process: winsvc.exe)
11:07:27 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50576, Process: winsvc.exe)
11:07:35 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50577, Process: winsvc.exe)
11:07:35 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50578, Process: winsvc.exe)
11:07:35 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50579, Process: winsvc.exe)
11:07:44 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50580, Process: winsvc.exe)
11:07:44 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50581, Process: winsvc.exe)
11:07:44 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50582, Process: winsvc.exe)
11:07:52 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50583, Process: winsvc.exe)
11:07:52 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50584, Process: winsvc.exe)
11:08:00 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50585, Process: winsvc.exe)
11:08:00 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50586, Process: winsvc.exe)
11:08:00 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50587, Process: winsvc.exe)
11:08:08 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50588, Process: winsvc.exe)
11:08:08 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50589, Process: winsvc.exe)
11:08:08 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50590, Process: winsvc.exe)
11:08:16 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50592, Process: winsvc.exe)
11:08:16 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50593, Process: winsvc.exe)
11:08:24 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50594, Process: winsvc.exe)
11:08:24 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50595, Process: winsvc.exe)
11:08:24 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50596, Process: winsvc.exe)
11:08:32 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50597, Process: winsvc.exe)
11:08:32 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50598, Process: winsvc.exe)
11:08:32 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50599, Process: winsvc.exe)
11:08:40 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50600, Process: winsvc.exe)
11:08:40 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50601, Process: winsvc.exe)
11:08:48 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50602, Process: winsvc.exe)
11:08:48 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50603, Process: winsvc.exe)
11:08:48 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50604, Process: winsvc.exe)
11:08:56 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50605, Process: winsvc.exe)
11:08:56 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50606, Process: winsvc.exe)
11:08:56 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50607, Process: winsvc.exe)
11:09:04 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50608, Process: winsvc.exe)
11:09:04 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50609, Process: winsvc.exe)
11:09:12 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50610, Process: winsvc.exe)
11:09:12 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50611, Process: winsvc.exe)
11:09:12 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50612, Process: winsvc.exe)
11:09:20 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50613, Process: winsvc.exe)
11:09:20 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50614, Process: winsvc.exe)
11:09:20 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50615, Process: winsvc.exe)
11:09:28 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50616, Process: winsvc.exe)
11:09:29 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50617, Process: winsvc.exe)
11:09:37 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50619, Process: winsvc.exe)
11:09:37 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50620, Process: winsvc.exe)
11:09:45 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50621, Process: winsvc.exe)
11:09:45 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50622, Process: winsvc.exe)
11:09:45 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50623, Process: winsvc.exe)
11:09:53 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50624, Process: winsvc.exe)
11:09:53 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50625, Process: winsvc.exe)
11:09:53 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50626, Process: winsvc.exe)
11:10:01 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50627, Process: winsvc.exe)
11:10:01 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50628, Process: winsvc.exe)
11:10:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50629, Process: winsvc.exe)
11:10:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50630, Process: winsvc.exe)
11:10:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50631, Process: winsvc.exe)
11:10:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50632, Process: winsvc.exe)
11:10:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50633, Process: winsvc.exe)
11:10:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50634, Process: winsvc.exe)
11:10:25 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50635, Process: winsvc.exe)
11:10:25 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50636, Process: winsvc.exe)
11:10:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50637, Process: winsvc.exe)
11:10:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50638, Process: winsvc.exe)
11:10:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50639, Process: winsvc.exe)
11:10:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50640, Process: winsvc.exe)
11:10:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50641, Process: winsvc.exe)
11:10:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50642, Process: winsvc.exe)
11:10:49 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50643, Process: winsvc.exe)
11:10:49 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50644, Process: winsvc.exe)
11:10:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50645, Process: winsvc.exe)
11:10:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50646, Process: winsvc.exe)
11:10:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50647, Process: winsvc.exe)
11:11:05 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50648, Process: winsvc.exe)
11:11:05 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50649, Process: winsvc.exe)
11:11:05 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50650, Process: winsvc.exe)
11:11:13 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50651, Process: winsvc.exe)
11:11:13 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50652, Process: winsvc.exe)
11:11:22 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50653, Process: winsvc.exe)
11:11:22 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50654, Process: winsvc.exe)
11:11:22 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50655, Process: winsvc.exe)
11:11:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50656, Process: winsvc.exe)
11:11:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50657, Process: winsvc.exe)
11:11:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50658, Process: winsvc.exe)
11:11:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50659, Process: winsvc.exe)
11:11:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50660, Process: winsvc.exe)
11:11:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50661, Process: winsvc.exe)
11:11:46 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50662, Process: winsvc.exe)
11:11:46 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50663, Process: winsvc.exe)
11:11:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50664, Process: winsvc.exe)
11:11:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50665, Process: winsvc.exe)
11:11:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50666, Process: winsvc.exe)
11:12:02 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50667, Process: winsvc.exe)
11:12:02 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50668, Process: winsvc.exe)
11:12:02 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50669, Process: winsvc.exe)
11:12:10 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50670, Process: winsvc.exe)
11:12:10 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50671, Process: winsvc.exe)
11:12:18 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50672, Process: winsvc.exe)
11:12:18 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50673, Process: winsvc.exe)
11:12:18 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50674, Process: winsvc.exe)
11:12:26 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50675, Process: winsvc.exe)
11:12:26 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50676, Process: winsvc.exe)
11:12:26 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50677, Process: winsvc.exe)
11:12:34 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50678, Process: winsvc.exe)
11:12:34 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50679, Process: winsvc.exe)
11:12:42 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50680, Process: winsvc.exe)
11:12:42 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50681, Process: winsvc.exe)
11:12:42 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50682, Process: winsvc.exe)
11:12:50 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50683, Process: winsvc.exe)
11:12:50 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50684, Process: winsvc.exe)
11:12:50 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50685, Process: winsvc.exe)
11:12:59 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50686, Process: winsvc.exe)
11:12:59 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50687, Process: winsvc.exe)
11:13:07 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50689, Process: winsvc.exe)
11:13:07 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50690, Process: winsvc.exe)
11:13:15 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50691, Process: winsvc.exe)
11:13:15 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50693, Process: winsvc.exe)
11:13:15 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50694, Process: winsvc.exe)
11:13:23 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50695, Process: winsvc.exe)
11:13:23 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50696, Process: winsvc.exe)
11:13:23 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50697, Process: winsvc.exe)
11:13:31 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50698, Process: winsvc.exe)
11:13:31 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50699, Process: winsvc.exe)
11:13:39 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50700, Process: winsvc.exe)
11:13:39 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50701, Process: winsvc.exe)
11:13:39 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50702, Process: winsvc.exe)
11:13:47 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50703, Process: winsvc.exe)
11:13:47 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50704, Process: winsvc.exe)
11:13:47 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50705, Process: winsvc.exe)
11:13:55 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50706, Process: winsvc.exe)
11:13:55 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50707, Process: winsvc.exe)
11:14:03 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50708, Process: winsvc.exe)
11:14:03 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50709, Process: winsvc.exe)
11:14:03 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50710, Process: winsvc.exe)
11:14:11 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50711, Process: winsvc.exe)
11:14:11 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50712, Process: winsvc.exe)
11:14:11 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50713, Process: winsvc.exe)
11:14:19 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50714, Process: winsvc.exe)
11:14:19 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50715, Process: winsvc.exe)
11:14:28 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50716, Process: winsvc.exe)
11:14:28 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50717, Process: winsvc.exe)
11:14:28 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50718, Process: winsvc.exe)
11:14:36 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50719, Process: winsvc.exe)
11:14:36 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50720, Process: winsvc.exe)
11:14:36 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50721, Process: winsvc.exe)
11:14:44 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50722, Process: winsvc.exe)
11:14:44 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50723, Process: winsvc.exe)
11:14:44 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50724, Process: winsvc.exe)
11:14:52 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50725, Process: winsvc.exe)
11:14:52 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50726, Process: winsvc.exe)
11:15:00 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50727, Process: winsvc.exe)
11:15:00 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50728, Process: winsvc.exe)
11:15:00 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50729, Process: winsvc.exe)
11:15:08 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50730, Process: winsvc.exe)
11:15:08 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50731, Process: winsvc.exe)
11:15:08 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50732, Process: winsvc.exe)
11:15:16 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50733, Process: winsvc.exe)
11:15:16 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50734, Process: winsvc.exe)
11:15:24 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50735, Process: winsvc.exe)
11:15:24 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50736, Process: winsvc.exe)
11:15:24 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50737, Process: winsvc.exe)
11:15:32 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50738, Process: winsvc.exe)
11:15:32 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50739, Process: winsvc.exe)
11:15:32 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50740, Process: winsvc.exe)
11:15:40 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50741, Process: winsvc.exe)
11:15:40 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50742, Process: winsvc.exe)
11:15:48 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50743, Process: winsvc.exe)
11:15:48 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50744, Process: winsvc.exe)
11:15:48 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50745, Process: winsvc.exe)
11:15:56 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50746, Process: winsvc.exe)
11:15:56 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50747, Process: winsvc.exe)
11:15:56 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50748, Process: winsvc.exe)
11:16:04 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50749, Process: winsvc.exe)
11:16:04 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50750, Process: winsvc.exe)
11:16:12 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50751, Process: winsvc.exe)
11:16:12 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50752, Process: winsvc.exe)
11:16:12 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50753, Process: winsvc.exe)
11:16:20 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50754, Process: winsvc.exe)
11:16:20 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50755, Process: winsvc.exe)
11:16:21 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50756, Process: winsvc.exe)
11:16:29 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50757, Process: winsvc.exe)
11:16:29 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50758, Process: winsvc.exe)
11:16:37 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50760, Process: winsvc.exe)
11:16:37 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50761, Process: winsvc.exe)
11:16:45 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50762, Process: winsvc.exe)
11:16:45 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50763, Process: winsvc.exe)
11:16:45 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50764, Process: winsvc.exe)
11:16:53 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50765, Process: winsvc.exe)
11:16:53 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50766, Process: winsvc.exe)
11:16:53 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50767, Process: winsvc.exe)
11:17:01 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50768, Process: winsvc.exe)
11:17:01 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50769, Process: winsvc.exe)
11:17:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50770, Process: winsvc.exe)
11:17:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50771, Process: winsvc.exe)
11:17:09 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50772, Process: winsvc.exe)
11:17:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50773, Process: winsvc.exe)
11:17:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50774, Process: winsvc.exe)
11:17:17 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50775, Process: winsvc.exe)
11:17:25 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50776, Process: winsvc.exe)
11:17:25 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50777, Process: winsvc.exe)
11:17:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50778, Process: winsvc.exe)
11:17:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50779, Process: winsvc.exe)
11:17:33 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50780, Process: winsvc.exe)
11:17:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50781, Process: winsvc.exe)
11:17:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50782, Process: winsvc.exe)
11:17:41 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50783, Process: winsvc.exe)
11:17:49 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50784, Process: winsvc.exe)
11:17:49 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50785, Process: winsvc.exe)
11:17:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50786, Process: winsvc.exe)
11:17:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50787, Process: winsvc.exe)
11:17:57 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50788, Process: winsvc.exe)
11:18:06 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50789, Process: winsvc.exe)
11:18:06 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50790, Process: winsvc.exe)
11:18:06 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50791, Process: winsvc.exe)
11:18:14 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50792, Process: winsvc.exe)
11:18:14 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50794, Process: winsvc.exe)
11:18:14 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50795, Process: winsvc.exe)
11:18:22 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50796, Process: winsvc.exe)
11:18:22 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50797, Process: winsvc.exe)
11:18:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50798, Process: winsvc.exe)
11:18:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50799, Process: winsvc.exe)
11:18:30 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50800, Process: winsvc.exe)
11:18:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50801, Process: winsvc.exe)
11:18:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50802, Process: winsvc.exe)
11:18:38 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50803, Process: winsvc.exe)
11:18:46 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50804, Process: winsvc.exe)
11:18:46 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50805, Process: winsvc.exe)
11:18:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50806, Process: winsvc.exe)
11:18:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50807, Process: winsvc.exe)
11:18:54 Maus IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50808, Process: winsvc.exe)
11:35:08 Maus MESSAGE Protection started successfully
11:35:13 Maus MESSAGE IP Protection started successfully
13:41:27 Maus MESSAGE Protection started successfully
13:41:31 Maus MESSAGE IP Protection started successfully
22:27:36 Maus MESSAGE Protection started successfully
__________________

02.11.2011, 09:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run ESET as well, then we'll see where to go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

02.11.2011, 11:06   #5
RayCell-365
 

Hi,
As I already suspected, I had to release C:\user\Maus\AppData\Roaming\AA97C\Lvvm.exe from quarantine and run it (despite a thousand warning messages) in order to access the Internet from this laptop.

After the ESET scan I ran the above-mentioned file through Malwarebytes once more

Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8064

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.11.2011 10:58:00
mbam-log-2011-11-02 (10-58-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 4 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe (Trojan.Agent) -> 4268 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Here is the ESET scan
Kind regards
Quote:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0723a4e0a4275d4e9cb5bbe67bdde55f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-02 09:54:25
# local_time=2011-11-02 10:54:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 263946 56757282 147190 0
# compatibility_mode=5893 16776573 100 94 4386 71853911 0 0
# compatibility_mode=8192 67108863 100 0 3758 3758 0 0
# scanned=175348
# found=6
# cleaned=0
# scan_time=3603
C:\Users\Maus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKEVV4SE\r[1].exe a variant of Win32/AutoRun.Injector.AM worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Maus\AppData\Local\Temp\26830.exe a variant of Win32/AutoRun.Injector.AM worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Maus\AppData\Local\Temp\51375.exe a variant of Win32/AutoRun.Injector.AM worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe a variant of Win32/Kryptik.USX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Maus\AppData\Roaming\Microsoft\3D75\6FF2.tmp a variant of Win32/Kryptik.USA trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I


02.11.2011, 11:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a new OTL log

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________

02.11.2011, 12:53   #7
RayCell-365
 

Here is the OTL scan

OTL Logfile:
Code:
OTL logfile created on: 02.11.2011 12:40:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Maus\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,64% Memory free
7,85 Gb Paging File | 6,20 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 7,79 Gb Free Space | 10,45% Space Free | Partition Type: NTFS
Drive D: | 204,03 Gb Total Space | 203,94 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 327,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 149,04 Gb Total Space | 138,32 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 30,36 Gb Free Space | 20,37% Space Free | Partition Type: NTFS
 
Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.02 12:36:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
PRC - [2011.11.02 10:59:36 | 000,190,464 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe
PRC - [2011.11.02 09:43:08 | 000,174,592 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\5DCAA\A9CDC.exe
PRC - [2011.11.02 09:42:24 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe
PRC - [2011.10.17 08:42:40 | 003,074,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.03 16:15:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 15:48:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.15 09:14:59 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.12 03:46:34 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.06 18:16:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.06.25 01:50:50 | 006,806,144 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.05.03 22:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.05.03 22:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 10:59:36 | 000,190,464 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe
MOD - [2011.11.02 09:43:08 | 000,174,592 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\5DCAA\A9CDC.exe
MOD - [2011.11.02 09:42:24 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe
MOD - [2010.08.12 03:46:34 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.22 19:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.03.12 04:13:54 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.08.06 22:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.10.17 08:42:40 | 003,074,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.03 16:15:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 15:48:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.15 09:09:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.10.15 09:09:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.06 18:16:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.07.03 16:15:53 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.03 16:15:53 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.26 04:27:33 | 000,318,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.06.23 02:31:11 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.21 20:37:37 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.08 03:33:13 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.05.29 01:05:58 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.05.13 07:00:21 | 000,190,464 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2010.03.19 11:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.05 04:19:45 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.15 06:23:19 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 06:23:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 06:23:09 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.14 09:03:49 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 00:11:59 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.06 22:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 17:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.04.07 07:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.12.08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.08.12 15:32:00 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/xmas/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58061
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [06D.exe] C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk =  File not found
F3:64bit: - HKCU WinNT: Load - (C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe) - C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe) -C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25E8C731-B445-41DF-8387-8B8A7D1CB281}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9C78FF-5B6A-45B8-9B82-248EB44D1894}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Maus\AppData\Roaming\5DCAA\A9CDC.exe) -C:\Users\Maus\AppData\Roaming\5DCAA\A9CDC.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.09.25 17:28:22 | 000,000,971 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1999.01.09 04:10:00 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY61A.EXE -- [1999.06.19 01:35:30 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxdiag\command - "" = E:\GOODIES\AR40DEU.EXE -- [1999.06.29 17:17:26 | 005,994,880 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxinfo\command - "" = E:\GOODIES\DIRECTX\DXINFO.EXE -- [1997.07.15 10:00:00 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxtest\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1999.01.09 04:10:00 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997.07.15 10:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\log\command - "" = E:\goodies\machine\machine.exe -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\machine\command - "" = E:\GOODIES\MACHINE\MACHINE.EXE -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\setup\command - "" = E:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\zone\command - "" = E:\GOODIES\MSZONE\ZONEA600.EXE -- [1999.09.02 01:16:04 | 006,753,985 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: ASUS WebStorage - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MsConfig:64bit - StartUpReg: Boingo Wi-Fi - hkey= - key= - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: CPMonitor - hkey= - key= - C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: S6000Mnt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SessionLogon - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: THX TruStudio NB Settings - hkey= - key= - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: THXCfg64 - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: UfSeAgnt.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.02 12:39:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2011.11.02 09:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.01 13:40:47 | 000,000,000 | ---D | C] -- C:\Users\Maus\Desktop\freigabe
[2011.11.01 10:45:35 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2011.11.01 10:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 10:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.01 10:45:11 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.01 10:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.01 00:05:47 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\AA97C
[2011.11.01 00:05:47 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\5DCAA
[2011.10.31 23:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2011.10.31 23:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2011.10.31 18:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011.10.31 13:29:02 | 000,000,000 | RHSD | C] -- C:\Users\Maus\M-1-52-5782-8752-5245
[2011.10.22 22:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.10.22 22:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011.10.22 22:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Design
[2011.10.22 22:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Core Design
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.02 12:42:10 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.02 12:42:10 | 000,654,648 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.02 12:42:10 | 000,616,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.02 12:42:10 | 000,130,230 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.02 12:42:10 | 000,106,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.02 12:36:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.02 12:36:48 | 3161,870,336 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.02 12:36:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe
[2011.11.02 11:04:25 | 000,002,082 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.11.02 09:48:44 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\iexplore.exe
[2011.11.02 09:46:13 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 09:46:13 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 09:38:54 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.11.01 11:34:37 | 000,001,354 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.11.01 10:45:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.31 23:56:42 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2011.10.31 23:46:04 | 000,000,006 | R--- | M] () -- C:\Users\Maus\AppData\Roaming\opera.exe
[2011.10.31 18:01:06 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.10.27 09:09:06 | 000,276,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.22 23:05:53 | 000,001,747 | ---- | M] () -- C:\Users\Maus\Desktop\win7 - Verknüpfung.lnk
[2011.10.22 22:43:18 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2011.10.18 21:47:01 | 000,001,021 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk
[2011.10.16 10:24:26 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
 
========== Files Created - No Company Name ==========
 
[2011.11.02 09:48:44 | 000,286,720 | ---- | C] () -- C:\Users\Maus\AppData\Roaming\iexplore.exe
[2011.11.01 10:45:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.31 23:56:44 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2011.10.31 23:56:42 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2011.10.31 23:46:04 | 000,000,006 | R--- | C] () -- C:\Users\Maus\AppData\Roaming\opera.exe
[2011.10.31 18:01:06 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.10.22 23:05:53 | 000,001,747 | ---- | C] () -- C:\Users\Maus\Desktop\win7 - Verknüpfung.lnk
[2011.10.22 22:43:18 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2011.10.18 21:47:01 | 000,001,021 | ---- | C] () -- C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk
[2010.12.24 15:49:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.12.24 15:34:58 | 000,004,608 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.29 11:21:55 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat
[2010.11.06 19:34:00 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.15 09:10:01 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010.10.15 09:10:01 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010.10.15 09:10:01 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010.10.15 09:09:59 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.10.15 09:09:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.10.15 08:52:24 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.05.13 06:59:59 | 000,015,190 | ---- | C] () -- C:\Windows\S6000Twn.ini
[2010.02.09 08:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2010.02.09 08:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009.10.26 04:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.11.02 09:43:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\5DCAA
[2011.11.02 10:59:36 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\AA97C
[2010.11.04 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Asus WebStorage
[2011.08.05 09:49:20 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\DVDVideoSoft
[2011.06.06 12:13:52 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.31 16:12:38 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ICQ
[2010.12.11 11:56:23 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\iWin
[2010.11.04 15:15:15 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Opera
[2010.12.11 12:03:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\PlayFirst
[2011.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\SoftGrid Client
[2010.11.06 19:34:40 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\TP
[2011.11.02 12:37:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.02 09:43:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\5DCAA
[2011.11.02 10:59:36 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\AA97C
[2011.03.07 17:54:25 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Adobe
[2010.11.04 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Asus WebStorage
[2010.12.10 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Avira
[2010.11.05 22:00:56 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\CyberLink
[2011.04.26 12:59:45 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\dvdcss
[2011.08.05 09:49:20 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\DVDVideoSoft
[2011.06.06 12:13:52 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.22 19:14:44 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Google
[2011.10.31 16:12:38 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\ICQ
[2010.11.04 12:38:14 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Identities
[2010.12.11 11:56:23 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\iWin
[2010.11.04 15:17:32 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macromedia
[2010.11.28 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Macrovision
[2011.11.01 10:45:35 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Media Center Programs
[2011.11.02 09:42:24 | 000,000,000 | --SD | M] -- C:\Users\Maus\AppData\Roaming\Microsoft
[2010.11.04 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Mozilla
[2010.11.04 15:15:15 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Opera
[2010.12.11 12:03:27 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\PlayFirst
[2011.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\SoftGrid Client
[2010.11.04 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\Sonic
[2010.11.06 19:34:40 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\TP
[2010.11.20 22:41:20 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.11.02 09:48:44 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\iexplore.exe
[2011.10.31 23:46:04 | 000,000,006 | R--- | M] () -- C:\Users\Maus\AppData\Roaming\opera.exe
[2011.11.02 09:43:07 | 000,174,592 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\5DCAA\1843D.exe
[2011.11.02 09:43:08 | 000,174,592 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\5DCAA\A9CDC.exe
[2011.11.02 10:59:36 | 000,190,464 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe
[2011.10.18 21:46:28 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Maus\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.02.10 22:39:11 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Maus\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.11.02 09:42:23 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\BC15\5A6.exe
[5 C:\Users\Maus\AppData\Roaming\Microsoft\BC15\*.tmp files -> C:\Users\Maus\AppData\Roaming\Microsoft\BC15\*.tmp -> ]
[2011.11.02 09:42:24 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe
[3 C:\Users\Maus\AppData\Roaming\Microsoft\DC55\*.tmp files -> C:\Users\Maus\AppData\Roaming\Microsoft\DC55\*.tmp -> ]
[2010.11.05 14:24:39 | 000,010,134 | R--- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.06.08 03:33:13 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\eSupport\eDriver\Driver\IRST\Vista64_Win7_64_9.6.4.1002\iaStor.sys
[2010.06.08 03:33:13 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.06.08 03:33:13 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b2da0d5f1235b4d6\iaStor.sys
[2010.06.08 03:33:13 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_1170b46175ba2765\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5D458568

< End of report >
         
--- --- ---

[/QUOTE]

02.11.2011, 14:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
PRC - [2011.11.02 10:59:36 | 000,190,464 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe
PRC - [2011.11.02 09:43:08 | 000,174,592 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\5DCAA\A9CDC.exe
PRC - [2011.11.02 09:42:24 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe
MOD - [2011.11.02 10:59:36 | 000,190,464 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe
MOD - [2011.11.02 09:43:08 | 000,174,592 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\5DCAA\A9CDC.exe
MOD - [2011.11.02 09:42:24 | 000,286,720 | ---- | M] () -- C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/xmas/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58061
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [06D.exe] C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe ()
O4 - Startup: C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk =  File not found
F3:64bit: - HKCU WinNT: Load - (C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe) - C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe) -C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.09.25 17:28:22 | 000,000,971 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1999.01.09 04:10:00 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY61A.EXE -- [1999.06.19 01:35:30 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxdiag\command - "" = E:\GOODIES\AR40DEU.EXE -- [1999.06.29 17:17:26 | 005,994,880 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxinfo\command - "" = E:\GOODIES\DIRECTX\DXINFO.EXE -- [1997.07.15 10:00:00 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxtest\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1999.01.09 04:10:00 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997.07.15 10:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\log\command - "" = E:\goodies\machine\machine.exe -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\machine\command - "" = E:\GOODIES\MACHINE\MACHINE.EXE -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\setup\command - "" = E:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\Shell\zone\command - "" = E:\GOODIES\MSZONE\ZONEA600.EXE -- [1999.09.02 01:16:04 | 006,753,985 | R--- | M] ()
[2011.11.01 00:05:47 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\AA97C
[2011.11.01 00:05:47 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\5DCAA
[2011.10.31 13:29:02 | 000,000,000 | RHSD | C] -- C:\Users\Maus\M-1-52-5782-8752-5245
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5D458568
:Files
C:\Users\Maus\AppData\Roaming\*.exe
C:\Users\Maus\AppData\Roaming\Microsoft\BC15
C:\Users\Maus\AppData\Roaming\Microsoft\DC55
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags
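
Added example (not part of the original thread and not OTL's own logic): a small Python triage over a few lines copied from the fix script in post #8, showing what makes them removal candidates: autostart entries that launch executables from the user profile, a dangling Startup shortcut, an alternate data stream, and an enabled IE proxy pointing at loopback. The function names and category labels are assumptions made for this illustration.

```python
import re
from ipaddress import ip_address

# Subset of the lines from the fix script in post #8, embedded so this runs offline.
SAMPLE = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/xmas/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58061
O4 - HKCU..\Run: [06D.exe] C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe ()
O4 - Startup: C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk =  File not found
F3 - HKCU WinNT: Load - (C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe) -C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe ()
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5D458568
""".strip().splitlines()

# First Windows path on a line that ends in a launchable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^()=]*?\.(?:exe|dll|scr|bat|cmd|lnk)', re.I)
# Per-user, user-writable locations where legitimate autostarts rarely live.
PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\', re.I)
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')


def loopback_proxies(value):
    """Return the loopback entries of a WinINET ProxyServer value.

    The value is either 'host:port' or a ';'-separated list of
    'scheme=host:port' entries, as in the sample above.
    """
    hits = []
    for entry in value.split(';'):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, target = entry.rpartition('=')
        host = target.split('://')[-1].rsplit(':', 1)[0].strip('[]')
        try:
            is_local = ip_address(host).is_loopback
        except ValueError:  # not an IP literal
            is_local = host.lower() == 'localhost'
        if is_local:
            hits.append((scheme or 'all', target))
    return hits


def triage(lines):
    """Classify OTL scan lines into (category, detail) findings."""
    findings = []
    proxy_enabled, proxy_value = False, None
    for line in lines:
        line = line.strip()
        m = re.search(r'"ProxyEnable" = (\d+)', line)
        if m:
            proxy_enabled = m.group(1) != '0'
            continue
        m = re.search(r'"ProxyServer" = (\S+)', line)
        if m:
            proxy_value = m.group(1)
            continue
        m = ADS_RE.match(line)
        if m:
            size, host_path, stream = m.groups()
            findings.append(('ads', f'{host_path} carries stream {stream} ({size} bytes)'))
            continue
        # O4 = Run keys and Startup folder, F3 = WinNT Load value (":64bit:" variants included).
        tag = line.split(' - ', 1)[0].split(':')[0]
        if tag not in ('O4', 'F3'):
            continue
        p = PATH_RE.search(line)
        if not p:
            continue
        path = p.group(0)
        if 'Startup:' in line:
            # The Startup folder itself is a normal location; a missing target is the oddity.
            if line.endswith('File not found'):
                findings.append(('dangling-startup', path))
        elif PROFILE_RE.search(path):
            findings.append(('autostart-from-profile', path))
    # A proxy setting only matters while it is switched on.
    if proxy_enabled and proxy_value:
        for scheme, target in loopback_proxies(proxy_value):
            findings.append(('loopback-proxy', f'{scheme} -> {target}'))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE):
        print(f'{category:24} {detail}')
```

A loopback proxy only works while something is listening on that port, so removing the listener without also resetting ProxyEnable/ProxyServer leaves WinINET-based browsers unable to connect.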

02.11.2011, 23:38   #9
RayCell-365

I have run the OTL fix.
I am posting the log as an attachment, but the Internet is not working on the laptop. It is the same error as after quarantining C:\user\Maus\AppData\Roaming\AA97C\Lvvm.exe

Quote:
All processes killed
========== OTL ==========
No active process named lvvm.exe was found!
No active process named A9CDC.exe was found!
No active process named 06D.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\06D.exe deleted successfully.
C:\Users\Maus\AppData\Roaming\Microsoft\DC55\06D.exe moved successfully.
C:\Users\Maus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk moved successfully.
C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe moved successfully.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe deleted successfully.
File \Users\Maus\AppData\Roaming\AA97C\lvvm.exe) -C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Maus\AppData\Roaming\AA97C\lvvm.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\DIRECTX\DXSETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\DIRECTX\DPLAY61A.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\GOODIES\AR40DEU.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\GOODIES\DIRECTX\DXINFO.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\DIRECTX\DXDIAG.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\GOODIES\DIRECTX\DXTOOL.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181dcc24-d830-11df-bcf4-806e6f6e6963}\ not found.
File move failed. E:\GOODIES\MSZONE\ZONEA600.EXE scheduled to be moved on reboot.
C:\Users\Maus\AppData\Roaming\AA97C folder moved successfully.
C:\Users\Maus\AppData\Roaming\5DCAA folder moved successfully.
C:\Users\Maus\M-1-52-5782-8752-5245 folder moved successfully.
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
========== FILES ==========
C:\Users\Maus\AppData\Roaming\iexplore.exe moved successfully.
C:\Users\Maus\AppData\Roaming\opera.exe moved successfully.
C:\Users\Maus\AppData\Roaming\Microsoft\BC15 folder moved successfully.
C:\Users\Maus\AppData\Roaming\Microsoft\DC55 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maus
->Temp folder emptied: 305404022 bytes
->Temporary Internet Files folder emptied: 77762792 bytes
->Opera cache emptied: 327959 bytes
->Flash cache emptied: 2909871 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 204143668 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 5 bytes

Total Files Cleaned = 563,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_233007

Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. E:\AOESETUP.EXE scheduled to be moved on reboot.
File move failed. E:\DIRECTX\DXSETUP.EXE scheduled to be moved on reboot.
File move failed. E:\DIRECTX\DPLAY61A.EXE scheduled to be moved on reboot.
File move failed. E:\GOODIES\AR40DEU.EXE scheduled to be moved on reboot.
File move failed. E:\GOODIES\DIRECTX\DXINFO.EXE scheduled to be moved on reboot.
File move failed. E:\DIRECTX\DXDIAG.EXE scheduled to be moved on reboot.
File move failed. E:\GOODIES\DIRECTX\DXTOOL.EXE scheduled to be moved on reboot.
File move failed. E:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
File move failed. E:\GOODIES\MSZONE\ZONEA600.EXE scheduled to be moved on reboot.
C:\Users\Maus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Image of the Internet Explorer error


Edited by RayCell-365 (02.11.2011 at 23:44). Reason: added JPEG of the Internet error

03.11.2011, 10:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

With malware problems, always also check this when the Internet connection is not working => http://www.trojaner-board.de/94344-p...n-pruefen.html


Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

03.11.2011, 11:18   #11
RayCell-365

Hi,
I have just spotted the blunder with the changed proxy myself as well o_O

TDSSKiller run completed

Quote:
11:11:26.0251 5300 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
11:11:26.0501 5300 ============================================================
11:11:26.0501 5300 Current date / time: 2011/11/03 11:11:26.0501
11:11:26.0501 5300 SystemInfo:
11:11:26.0501 5300
11:11:26.0501 5300 OS Version: 6.1.7600 ServicePack: 0.0
11:11:26.0501 5300 Product type: Workstation
11:11:26.0501 5300 ComputerName: MAUS-PC
11:11:26.0501 5300 UserName: Maus
11:11:26.0501 5300 Windows directory: C:\Windows
11:11:26.0501 5300 System windows directory: C:\Windows
11:11:26.0501 5300 Running under WOW64
11:11:26.0501 5300 Processor architecture: Intel x64
11:11:26.0501 5300 Number of processors: 8
11:11:26.0501 5300 Page size: 0x1000
11:11:26.0501 5300 Boot type: Normal boot
11:11:26.0501 5300 ============================================================
11:11:27.0140 5300 Initialize success
11:12:29.0759 1168 ============================================================
11:12:29.0759 1168 Scan started
11:12:29.0759 1168 Mode: Manual; SigCheck; TDLFS;
11:12:29.0759 1168 ============================================================
11:12:38.0432 1168 iScsiPrt - ok
11:12:38.0479 1168 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:12:38.0495 1168 kbdclass - ok
11:12:38.0510 1168 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:12:38.0526 1168 kbdhid - ok
11:12:38.0557 1168 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
11:12:38.0573 1168 kbfiltr - ok
11:12:38.0620 1168 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
11:12:38.0620 1168 KSecDD - ok
11:12:38.0651 1168 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
11:12:38.0666 1168 KSecPkg - ok
11:12:38.0682 1168 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:12:38.0729 1168 ksthunk - ok
11:12:38.0776 1168 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:12:38.0807 1168 lltdio - ok
11:12:38.0854 1168 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:12:38.0854 1168 LSI_FC - ok
11:12:38.0869 1168 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:12:38.0885 1168 LSI_SAS - ok
11:12:38.0900 1168 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:12:38.0900 1168 LSI_SAS2 - ok
11:12:38.0932 1168 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:12:38.0932 1168 LSI_SCSI - ok
11:12:38.0947 1168 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:12:38.0994 1168 luafv - ok
11:12:39.0041 1168 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:12:39.0072 1168 MBAMProtector - ok
11:12:39.0103 1168 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
11:12:39.0119 1168 MBfilt - ok
11:12:39.0150 1168 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:12:39.0166 1168 megasas - ok
11:12:39.0181 1168 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:12:39.0197 1168 MegaSR - ok
11:12:39.0228 1168 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:12:39.0275 1168 Modem - ok
11:12:39.0290 1168 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:12:39.0322 1168 monitor - ok
11:12:39.0353 1168 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:12:39.0368 1168 mouclass - ok
11:12:39.0384 1168 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:12:39.0400 1168 mouhid - ok
11:12:39.0431 1168 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:12:39.0431 1168 mountmgr - ok
11:12:39.0462 1168 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:12:39.0462 1168 mpio - ok
11:12:39.0478 1168 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:12:39.0540 1168 mpsdrv - ok
11:12:39.0556 1168 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:12:39.0587 1168 MRxDAV - ok
11:12:39.0618 1168 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:12:39.0696 1168 mrxsmb - ok
11:12:39.0727 1168 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:12:39.0774 1168 mrxsmb10 - ok
11:12:39.0805 1168 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:12:39.0836 1168 mrxsmb20 - ok
11:12:39.0852 1168 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:12:39.0868 1168 msahci - ok
11:12:39.0883 1168 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:12:39.0899 1168 msdsm - ok
11:12:39.0914 1168 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:12:39.0946 1168 Msfs - ok
11:12:39.0977 1168 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:12:40.0008 1168 mshidkmdf - ok
11:12:40.0024 1168 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:12:40.0055 1168 msisadrv - ok
11:12:40.0102 1168 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:12:40.0133 1168 MSKSSRV - ok
11:12:40.0180 1168 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:12:40.0242 1168 MSPCLOCK - ok
11:12:40.0273 1168 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:12:40.0320 1168 MSPQM - ok
11:12:40.0351 1168 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:12:40.0367 1168 MsRPC - ok
11:12:40.0398 1168 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:12:40.0398 1168 mssmbios - ok
11:12:40.0414 1168 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:12:40.0460 1168 MSTEE - ok
11:12:40.0476 1168 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:12:40.0492 1168 MTConfig - ok
11:12:40.0538 1168 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
11:12:40.0554 1168 MTsensor - ok
11:12:40.0601 1168 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:12:40.0616 1168 Mup - ok
11:12:40.0663 1168 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:12:40.0694 1168 NativeWifiP - ok
11:12:40.0757 1168 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:12:40.0819 1168 NDIS - ok
11:12:40.0850 1168 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:12:40.0897 1168 NdisCap - ok
11:12:40.0928 1168 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:12:40.0960 1168 NdisTapi - ok
11:12:40.0991 1168 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:12:41.0022 1168 Ndisuio - ok
11:12:41.0038 1168 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:12:41.0069 1168 NdisWan - ok
11:12:41.0100 1168 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:12:41.0162 1168 NDProxy - ok
11:12:41.0194 1168 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:12:41.0225 1168 NetBIOS - ok
11:12:41.0256 1168 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:12:41.0287 1168 NetBT - ok
11:12:41.0334 1168 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:12:41.0334 1168 nfrd960 - ok
11:12:41.0365 1168 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:12:41.0412 1168 Npfs - ok
11:12:41.0428 1168 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:12:41.0474 1168 nsiproxy - ok
11:12:41.0537 1168 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:12:41.0646 1168 Ntfs - ok
11:12:41.0677 1168 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:12:41.0724 1168 Null - ok
11:12:41.0755 1168 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
11:12:41.0786 1168 NVHDA - ok
11:12:42.0020 1168 nvlddmkm (cd1fa0363699c1c2a2b1c3729c6e3499) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:12:42.0379 1168 nvlddmkm - ok
11:12:42.0535 1168 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:12:42.0551 1168 nvraid - ok
11:12:42.0582 1168 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:12:42.0613 1168 nvstor - ok
11:12:42.0629 1168 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:12:42.0644 1168 nv_agp - ok
11:12:42.0660 1168 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:12:42.0691 1168 ohci1394 - ok
11:12:42.0722 1168 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:12:42.0754 1168 Parport - ok
11:12:42.0769 1168 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:12:42.0785 1168 partmgr - ok
11:12:42.0816 1168 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:12:42.0832 1168 pci - ok
11:12:42.0863 1168 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:12:42.0878 1168 pciide - ok
11:12:42.0894 1168 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:12:42.0910 1168 pcmcia - ok
11:12:42.0941 1168 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:12:42.0956 1168 pcw - ok
11:12:42.0988 1168 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:12:43.0066 1168 PEAUTH - ok
11:12:43.0128 1168 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:12:43.0175 1168 PptpMiniport - ok
11:12:43.0190 1168 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:12:43.0222 1168 Processor - ok
11:12:43.0237 1168 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:12:43.0284 1168 Psched - ok
11:12:43.0331 1168 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:12:43.0346 1168 PxHlpa64 - ok
11:12:43.0409 1168 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:12:43.0471 1168 ql2300 - ok
11:12:43.0502 1168 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:12:43.0502 1168 ql40xx - ok
11:12:43.0534 1168 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:12:43.0565 1168 QWAVEdrv - ok
11:12:43.0596 1168 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:12:43.0627 1168 RasAcd - ok
11:12:43.0674 1168 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:12:43.0690 1168 RasAgileVpn - ok
11:12:43.0721 1168 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:12:43.0752 1168 Rasl2tp - ok
11:12:43.0783 1168 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:12:43.0814 1168 RasPppoe - ok
11:12:43.0846 1168 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:12:43.0892 1168 RasSstp - ok
11:12:43.0924 1168 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:12:43.0955 1168 rdbss - ok
11:12:43.0970 1168 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:12:43.0986 1168 rdpbus - ok
11:12:44.0017 1168 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:12:44.0048 1168 RDPCDD - ok
11:12:44.0064 1168 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:12:44.0111 1168 RDPENCDD - ok
11:12:44.0126 1168 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:12:44.0158 1168 RDPREFMP - ok
11:12:44.0189 1168 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:12:44.0236 1168 RDPWD - ok
11:12:44.0282 1168 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
11:12:44.0298 1168 rdyboost - ok
11:12:44.0345 1168 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:12:44.0376 1168 RFCOMM - ok
11:12:44.0438 1168 RSPCIESTOR (4ec9bac49473043ebd1eec6ea59d8b2f) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:12:44.0454 1168 RSPCIESTOR - ok
11:12:44.0485 1168 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:12:44.0516 1168 rspndr - ok
11:12:44.0548 1168 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:12:44.0579 1168 RTL8167 - ok
11:12:44.0626 1168 S6000KNT (268967955b42dab765395e72277f5346) C:\Windows\system32\Drivers\S6000KNT.sys
11:12:44.0641 1168 S6000KNT - ok
11:12:44.0672 1168 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:12:44.0688 1168 sbp2port - ok
11:12:44.0719 1168 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:12:44.0766 1168 scfilter - ok
11:12:44.0813 1168 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:12:44.0828 1168 secdrv - ok
11:12:44.0860 1168 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:12:44.0891 1168 Serenum - ok
11:12:44.0922 1168 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:12:44.0938 1168 Serial - ok
11:12:44.0953 1168 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:12:44.0969 1168 sermouse - ok
11:12:45.0000 1168 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:12:45.0047 1168 sffdisk - ok
11:12:45.0078 1168 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:12:45.0109 1168 sffp_mmc - ok
11:12:45.0125 1168 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:12:45.0156 1168 sffp_sd - ok
11:12:45.0172 1168 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:12:45.0203 1168 sfloppy - ok
11:12:45.0296 1168 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:12:45.0359 1168 Sftfs - ok
11:12:45.0406 1168 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:12:45.0437 1168 Sftplay - ok
11:12:45.0484 1168 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:12:45.0499 1168 Sftredir - ok
11:12:45.0515 1168 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:12:45.0530 1168 Sftvol - ok
11:12:45.0577 1168 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
11:12:45.0593 1168 SiSGbeLH - ok
11:12:45.0624 1168 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:12:45.0624 1168 SiSRaid2 - ok
11:12:45.0640 1168 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:12:45.0640 1168 SiSRaid4 - ok
11:12:45.0671 1168 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:12:45.0702 1168 Smb - ok
11:12:45.0718 1168 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:12:45.0733 1168 spldr - ok
11:12:45.0764 1168 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:12:45.0796 1168 srv - ok
11:12:45.0827 1168 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:12:45.0842 1168 srv2 - ok
11:12:45.0874 1168 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:12:45.0889 1168 srvnet - ok
11:12:45.0936 1168 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:12:45.0936 1168 stexstor - ok
11:12:45.0983 1168 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:12:45.0983 1168 swenum - ok
11:12:46.0045 1168 SynTP (01a658167619075baad31c96074c0b38) C:\Windows\system32\DRIVERS\SynTP.sys
11:12:46.0076 1168 SynTP - ok
11:12:46.0154 1168 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
11:12:46.0264 1168 Tcpip - ok
11:12:46.0326 1168 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
11:12:46.0373 1168 TCPIP6 - ok
11:12:46.0404 1168 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:12:46.0451 1168 tcpipreg - ok
11:12:46.0482 1168 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:12:46.0529 1168 TDPIPE - ok
11:12:46.0544 1168 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:12:46.0560 1168 TDTCP - ok
11:12:46.0591 1168 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:12:46.0622 1168 tdx - ok
11:12:46.0638 1168 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:12:46.0654 1168 TermDD - ok
11:12:46.0700 1168 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:12:46.0732 1168 tssecsrv - ok
11:12:46.0763 1168 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:12:46.0810 1168 tunnel - ok
11:12:46.0841 1168 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
11:12:46.0841 1168 TurboB - ok
11:12:46.0872 1168 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:12:46.0888 1168 uagp35 - ok
11:12:46.0903 1168 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:12:46.0934 1168 udfs - ok
11:12:46.0966 1168 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:12:46.0966 1168 uliagpkx - ok
11:12:46.0997 1168 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:12:47.0028 1168 umbus - ok
11:12:47.0059 1168 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:12:47.0090 1168 UmPass - ok
11:12:47.0153 1168 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
11:12:47.0200 1168 usbccgp - ok
11:12:47.0231 1168 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:12:47.0262 1168 usbcir - ok
11:12:47.0293 1168 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
11:12:47.0340 1168 usbehci - ok
11:12:47.0371 1168 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:12:47.0402 1168 usbhub - ok
11:12:47.0434 1168 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
11:12:47.0465 1168 usbohci - ok
11:12:47.0496 1168 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:12:47.0543 1168 usbprint - ok
11:12:47.0574 1168 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:12:47.0621 1168 USBSTOR - ok
11:12:47.0636 1168 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
11:12:47.0668 1168 usbuhci - ok
11:12:47.0746 1168 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
11:12:47.0792 1168 usbvideo - ok
11:12:47.0870 1168 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:12:47.0902 1168 vdrvroot - ok
11:12:47.0933 1168 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:12:47.0948 1168 vga - ok
11:12:47.0980 1168 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:12:48.0026 1168 VgaSave - ok
11:12:48.0058 1168 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:12:48.0089 1168 vhdmp - ok
11:12:48.0104 1168 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:12:48.0120 1168 viaide - ok
11:12:48.0136 1168 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:12:48.0151 1168 volmgr - ok
11:12:48.0182 1168 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:12:48.0214 1168 volmgrx - ok
11:12:48.0229 1168 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:12:48.0245 1168 volsnap - ok
11:12:48.0276 1168 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:12:48.0276 1168 vsmraid - ok
11:12:48.0292 1168 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:12:48.0354 1168 vwifibus - ok
11:12:48.0370 1168 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:12:48.0416 1168 vwififlt - ok
11:12:48.0463 1168 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:12:48.0494 1168 vwifimp - ok
11:12:48.0526 1168 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:12:48.0541 1168 WacomPen - ok
11:12:48.0588 1168 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:12:48.0635 1168 WANARP - ok
11:12:48.0650 1168 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:12:48.0682 1168 Wanarpv6 - ok
11:12:48.0697 1168 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:12:48.0713 1168 Wd - ok
11:12:48.0744 1168 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:12:48.0760 1168 Wdf01000 - ok
11:12:48.0791 1168 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:12:48.0822 1168 WfpLwf - ok
11:12:48.0853 1168 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
11:12:48.0853 1168 WimFltr - ok
11:12:48.0869 1168 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:12:48.0884 1168 WIMMount - ok
11:12:48.0931 1168 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:12:48.0947 1168 WmiAcpi - ok
11:12:48.0978 1168 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:12:49.0025 1168 ws2ifsl - ok
11:12:49.0040 1168 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:12:49.0087 1168 WudfPf - ok
11:12:49.0103 1168 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:12:49.0150 1168 WUDFRd - ok
11:12:49.0196 1168 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:12:49.0368 1168 \Device\Harddisk0\DR0 - ok
11:12:49.0384 1168 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk1\DR1
11:12:49.0836 1168 \Device\Harddisk1\DR1 - ok
11:12:49.0836 1168 Boot (0x1200) (eba795ea94f1d89335f5580c6297aa24) \Device\Harddisk0\DR0\Partition0
11:12:49.0836 1168 \Device\Harddisk0\DR0\Partition0 - ok
11:12:49.0898 1168 Boot (0x1200) (78a1134e73325437a191167743116336) \Device\Harddisk0\DR0\Partition1
11:12:49.0898 1168 \Device\Harddisk0\DR0\Partition1 - ok
11:12:49.0898 1168 Boot (0x1200) (5e3cc8cfcfb605d5fca437a91f585a1a) \Device\Harddisk1\DR1\Partition0
11:12:49.0898 1168 \Device\Harddisk1\DR1\Partition0 - ok
11:12:49.0914 1168 Boot (0x1200) (c4731c03bc5f0f2281dc582deaaecf37) \Device\Harddisk1\DR1\Partition1
11:12:49.0914 1168 \Device\Harddisk1\DR1\Partition1 - ok
11:12:49.0914 1168 ============================================================
11:12:49.0914 1168 Scan finished
11:12:49.0914 1168 ============================================================
11:12:49.0930 3696 Detected object count: 0
11:12:49.0930 3696 Actual detected object count: 0
Is the laptop virus-free now?
If so, what would be the best protection for the future (other than taping it shut)?

Regards, RayCell-365

Edited by RayCell-365 (03.11.2011 at 11:19) Reason: wrong link

03.11.2011, 11:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

04.11.2011, 09:59   #13
RayCell-365
 
Hi,
here is the log

Quote:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-04.01 - Maus 04.11.2011   9:46.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4021.2347 [GMT 1:00]
ausgeführt von:: c:\users\Maus\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\FullRemove.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-04 bis 2011-11-04  ))))))))))))))))))))))))))))))
.
.
2011-11-03 09:56 . 2011-11-03 09:56	--------	d-----w-	c:\users\Maus\AppData\Local\ElevatedDiagnostics
2011-11-02 22:30 . 2011-11-02 22:30	--------	d-----w-	C:\_OTL
2011-11-02 08:51 . 2011-11-02 08:51	--------	d-----w-	c:\program files (x86)\ESET
2011-11-01 09:45 . 2011-11-01 09:45	--------	d-----w-	c:\users\Maus\AppData\Roaming\Malwarebytes
2011-11-01 09:45 . 2011-11-01 09:45	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-01 09:45 . 2011-11-01 09:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-01 09:45 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-31 22:56 . 2002-02-18 17:40	6200	----a-w-	c:\windows\SysWow64\INT13EXT.VXD
2011-10-31 22:56 . 2011-10-31 22:56	--------	d-----w-	c:\program files (x86)\PC Inspector File Recovery
2011-10-31 22:56 . 2002-12-05 13:12	692224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-10-31 22:56 . 2002-12-05 13:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-10-31 22:56 . 2002-12-02 14:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-10-31 22:56 . 2002-12-02 12:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-10-31 22:56 . 2002-12-02 12:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-10-31 22:56 . 2011-10-31 22:56	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-10-31 22:56 . 2011-10-31 22:56	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-10-31 12:29 . 2011-10-31 12:29	99840	----a-w-	c:\users\Maus\AppData\Roaming\Microsoft\3D75\6FF2.tmp
2011-10-27 08:14 . 2011-08-15 05:08	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-27 08:14 . 2011-08-15 04:25	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-22 21:41 . 2011-10-22 21:41	--------	d-----w-	c:\program files (x86)\Microsoft Games
2011-10-22 21:29 . 2011-10-22 21:29	--------	d-----w-	c:\program files (x86)\Core Design
2011-10-13 09:24 . 2011-08-17 05:32	613888	----a-w-	c:\windows\system32\psisdecd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 08:38 . 2010-10-15 08:18	45056	----a-w-	c:\windows\system32\acovcnt.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-08-12 1597440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-08-12 63880]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-15 79360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-10-17 3074040]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-06 235624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\Maus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Tomb Raider III - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-04  09:54:00
ComboFix-quarantined-files.txt  2011-11-04 08:54
.
Vor Suchlauf: 9.619.456.000 Bytes frei
Nach Suchlauf: 9.218.498.560 Bytes frei
.
- - End Of File - - 5FD34A4B5802238CBAB205FA5CB0DAB7
         
--- --- ---

How does it look now?
Oh, I forgot one more worm o_O, it has been in there for quite a while. It thinks it is a hard drive (Q:) that cannot be accessed and that does not exist either. It was called "Microsoft office 2011 starter kit" or something like that. I renamed it in the hope of disrupting its function.

Regards, RayCell-365

04.11.2011, 10:38   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
KillAll:
Folder::
c:\users\Maus\AppData\Roaming\Microsoft\3D75

File::
c:\windows\system32\acovcnt.exe
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

04.11.2011, 23:08   #15
RayCell-365

And here comes the new log already ^^
It is slowly starting to be fun.

Quote:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-04.01 - Maus 04.11.2011  22:56:53.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4021.2252 [GMT 1:00]
ausgeführt von:: c:\users\Maus\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Maus\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Maus\AppData\Roaming\Microsoft\3D75
c:\users\Maus\AppData\Roaming\Microsoft\3D75\25DA.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\2BD0.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\6FF2.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\7B97.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\BC3C.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\C763.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\C947.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\CBA7.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\D70C.tmp
c:\users\Maus\AppData\Roaming\Microsoft\3D75\DB.tmp
c:\windows\system32\acovcnt.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-04 bis 2011-11-04  ))))))))))))))))))))))))))))))
.
.
2011-11-03 09:56 . 2011-11-03 09:56	--------	d-----w-	c:\users\Maus\AppData\Local\ElevatedDiagnostics
2011-11-02 22:30 . 2011-11-02 22:30	--------	d-----w-	C:\_OTL
2011-11-02 08:51 . 2011-11-02 08:51	--------	d-----w-	c:\program files (x86)\ESET
2011-11-01 09:45 . 2011-11-01 09:45	--------	d-----w-	c:\users\Maus\AppData\Roaming\Malwarebytes
2011-11-01 09:45 . 2011-11-01 09:45	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-01 09:45 . 2011-11-01 09:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-01 09:45 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-31 22:56 . 2002-02-18 17:40	6200	----a-w-	c:\windows\SysWow64\INT13EXT.VXD
2011-10-31 22:56 . 2011-10-31 22:56	--------	d-----w-	c:\program files (x86)\PC Inspector File Recovery
2011-10-31 22:56 . 2002-12-05 13:12	692224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-10-31 22:56 . 2002-12-05 13:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-10-31 22:56 . 2002-12-02 14:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-10-31 22:56 . 2002-12-02 12:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-10-31 22:56 . 2002-12-02 12:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-10-31 22:56 . 2011-10-31 22:56	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-10-31 22:56 . 2011-10-31 22:56	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-10-27 08:14 . 2011-08-15 05:08	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-27 08:14 . 2011-08-15 04:25	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-22 21:41 . 2011-10-22 21:41	--------	d-----w-	c:\program files (x86)\Microsoft Games
2011-10-22 21:29 . 2011-10-22 21:29	--------	d-----w-	c:\program files (x86)\Core Design
2011-10-13 09:24 . 2011-08-17 05:32	613888	----a-w-	c:\windows\system32\psisdecd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-04_08.52.25   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-04 22:01 . 2011-11-04 22:01	13306              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-11-03 10:20 . 2011-11-03 10:20	13306              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2011-11-04 22:02	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-04 08:41	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-04 22:02	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 08:41	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 08:41	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-04 22:02	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-15 08:02 . 2011-11-04 21:53	49304              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-04 08:43	40460              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 21:53	40460              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-11-04 08:42	86016              c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-11-04 22:03	86016              c:\windows\system32\DriverStore\infpub.dat
- 2010-11-04 11:39 . 2011-11-04 08:42	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-04 11:39 . 2011-11-04 22:03	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-04 11:39 . 2011-11-04 22:03	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-04 11:39 . 2011-11-04 08:42	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-04 11:39 . 2011-11-04 08:42	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-04 11:39 . 2011-11-04 22:03	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-04 11:29 . 2011-11-04 08:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-04 11:29 . 2011-11-04 22:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-04 11:29 . 2011-11-04 08:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-04 11:29 . 2011-11-04 22:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-04 11:32 . 2011-11-04 08:43	6478              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3100345675-469326822-1220916029-1001_UserData.bin
+ 2010-11-04 11:32 . 2011-11-04 21:53	6478              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3100345675-469326822-1220916029-1001_UserData.bin
- 2011-11-04 08:41 . 2011-11-04 08:41	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 22:01 . 2011-11-04 22:01	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 22:01 . 2011-11-04 22:01	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-04 08:41 . 2011-11-04 08:41	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-11-04 21:56	616490              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-04 08:48	616490              c:\windows\system32\perfh009.dat
+ 2009-08-04 09:51 . 2011-11-04 21:56	654648              c:\windows\system32\perfh007.dat
- 2009-08-04 09:51 . 2011-11-04 08:48	654648              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-11-04 21:56	106612              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-04 08:48	106612              c:\windows\system32\perfc009.dat
- 2009-08-04 09:51 . 2011-11-04 08:48	130230              c:\windows\system32\perfc007.dat
+ 2009-08-04 09:51 . 2011-11-04 21:56	130230              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:30 . 2011-11-04 22:03	143360              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-04 08:42	143360              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-04 22:03	143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-04 08:42	143360              c:\windows\system32\DriverStore\infstor.dat
- 2010-11-21 12:43 . 2011-11-03 10:20	937152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-21 12:43 . 2011-11-04 22:01	937152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-11-04 22:01	240824              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-03 10:20	240824              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-11-04 08:57	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-03 10:06	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-08-12 1597440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-08-12 63880]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-15 79360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-10-17 3074040]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-06 235624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\Maus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-04  23:06:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-04 22:06
ComboFix2.txt  2011-11-04 08:54
.
Vor Suchlauf: 9.004.933.120 Bytes frei
Nach Suchlauf: 8.660.975.616 Bytes frei
.
- - End Of File - - 8FADE2D6947DB031C2D481F57016F220
         
--- --- ---
